Introduction to cyber security: stay safe online | 1

Introduction to cyber security: stay safe online

Week 2: Authentication

Two-factor authentication on Facebook

Facebook also supports two-factor authentication (which it calls Log in Approvals). Facebook’s two-
factor authentication process is activated whenever you log in from a new computer. An SMS is sent
to your phone containing a unique security code, which you will need to enter into Facebook before
you can log in.
Set it up using following the instructions:
1. Log into Facebook with your normal username and password.
2. On the top blue bar, click your Timeline button (it will contain your photo and name). Then
click the Update Infobutton which appears near the right-hand side of the window.
3. Any phones registered with Facebook are listed in your ‘Contact Information’ details. If you
don’t already have a mobile phone registered, you will need to register one now by clicking on
the Add Mobile Phone button.
Take care when completing your telephone number. There is an option (shown by a small
padlock) which allows you to customise who has access to your phone number; Facebook has
an option to make your number public, but we’d recommend choosing the ‘Only Me’ option
from the menu.
4. Once your details have been registered, your number will be listed in your ‘Contact
Information’. You still need to verify your telephone number, click the Verify link next to your
mobile phone number, then choosing how Facebook will send you the verification code.
If you choose to receive it by text you will get an SMS, otherwise you can opt to receive an
automated telephone call. In either case you will receive a six figure authentication code. You
will need to enter this number back into Facebook and click Confirm to complete registration.
5. Return to the top blue bar and click the small downward pointing arrow at the top right of the
window – this is Facebook’s main menu. Choose ‘Settings’ from the pop-up menu.
6. Choose ‘Security’ from the left-hand menu, then click the Edit button next to the ‘Log in
Approvals’ options. Make sure the box labelled ‘Require a security code to access my account
from unknown browsers’ is checked and follow the straightforward instructions. At the end of
the process, Facebook will need to send you another SMS message to confirm that two-factor
authentication has been activated.
7. You might want to take this opportunity to increase your security by having Facebook notify
you if an attempt has been made to access your account. Still on the ‘Security’ section,
choose the ‘Log in Notifications’ Edit button.
 Introduction to cyber security: stay safe online | 2

8. Facebook offers to send you emails or text messages when your account is accessed from a
previously unknown machine. These notifications will be triggered when you log in on a new
machine, but also if someone else is using your account details to gain access. Choose which
methods you want to use, then click the Save Changes button.

Other two-factor authentication services

As well as many online banking systems, other websites support two-factor authentication, most of
which rely on SMS messages. Services include:
• Apple
• Dropbox – a cloud file sharing service
• Evernote – a cloud-based document and note taking service
• Microsoft Accounts – used by the Microsoft App Store and its OneDrive cloud storage service
• PayPal – online payments used by many small web retailers and eBay
• Steam – online game delivery
• Twitter
Look out for two-factor authentication on other websites. Set it up to better secure access to your
data.

3.2 Other services supporting two-factor authentication

Figure 11
 Introduction to cyber security: stay safe online | 3

Long description
You may be surprised at the range of services and products that provide two-factor authentication.
You’ll consider these in the next activity.

Activity 1 Two-factor authentication

Allow about 15 minutes
Consider the questions below and see what you can find out.
• Does your bank or credit card company use two-factor authentication, either online or via
telephone banking? If so, what form does it take?
• What kind of two-factor authentication is used by shops that you use, either online or in the high
street? One example is putting in the security code from the back of your credit card (the last three
digits) to prove that you have the card in your possession.
• Can you find examples connected with your work, for example to access the company VPN or
different areas of the building?
Write a short comment about the type of methods and devices you came across that offer two-factor
authentication in the space below. Then discuss the questions with colleages and add to your notes
any other methods and devices you have learned about.

5 Summary of Week 2

Figure 12
Long description
 Introduction to cyber security: stay safe online | 4

This week you explored how authentication works and the role of passwords in the operation of
authentication mechanisms.
You learned how weak passwords could threaten the security of digital information and your online
identity. You also learned about different ways of improving your password security, including
techniques for coming up with strong passwords, using password managers and two-factor
authentication.
Of course attacking passwords are not the only way that attackers can gain access to systems. They
can also exploit vulnerabilities in software, making it important that you keep systems up to date with
the latest security fixes/patches. Attackers might also try to execute malicious software, ‘malware’,
on your systems. These topics will be covered in the week ahead.